[ISN] Bloggers howl after conference snoops on 'secure' network

From: InfoSec News <alerts_at_private>
Date: Fri, 16 Oct 2009 01:26:16 -0500 (CDT)
http://www.theregister.co.uk/2009/10/15/sector_network_monitoring_bruhaha/

By Dan Goodin in San Francisco
The Register
15th October 2009

Organizers of last week's SecTor security conference collected names, 
passwords, and all other traffic passing over two Wi-Fi networks 
provided to attendees, including one that was encrypted, the event's 
director has confirmed.

Borrowing a page from the Wall of Sheep at the Defcon hacker conference 
each year in Las Vegas, the exercise was designed to draw attention to 
the perils of public networks, conference organizer Brian Bourne told 
The Reg. Indeed, Bourne - who is the director of Black Arts Illuminated, 
the company that puts on the event - found partly obscured credentials 
for his on Twitter account on the SecTor Wall of Shame.

But what made the Wall of Shame different - at least to some attendees - 
was the sniffing of a network that was represented as secure. The 
wireless connection carried an SSID named "Sector2009Secured" and was 
encrypted using the WPA, or Wi-Fi Protected Access, protocol. Before it 
could be used, attendees had to stop by a booth sponsored by Canadian 
security vendor eSentire to retrieve the network's pre-shared key.

"In 2009, we still have so many applications leaking credentials onto 
the wire, and we have people still deploying and using insecure 
protocols," Bourne said. "Our intention with the Wall of Shame was to 
highlight that."

[...]


________________________________________ 
Did a friend send you this? From now on, be the 
first to find out! Subscribe to InfoSec News 
http://www.infosecnews.org
Received on Thu Oct 15 2009 - 23:26:16 PDT

This archive was generated by hypermail 2.2.0 : Thu Oct 15 2009 - 23:42:40 PDT